Total: 11012 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4847 | 1 Deliantra | 1 Deliantra | 2026-04-29 | 4.0 MEDIUM | N/A |
| Deliantra Server before 2.82 allows remote authenticated users to cause a denial of service (daemon crash) via vectors involving an empty treasure list. | |||||
| CVE-2012-6392 | 2 Cisco, Linux | 2 Prime Lan Management Solution, Linux Kernel | 2026-04-29 | 10.0 HIGH | N/A |
| Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779. | |||||
| CVE-2010-4156 | 2 Php, Scottmac | 2 Php, Libmbfl | 2026-04-29 | 5.0 MEDIUM | N/A |
| The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter). | |||||
| CVE-2012-0068 | 1 Wireshark | 1 Wireshark | 2026-04-29 | 4.3 MEDIUM | N/A |
| The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell capture file containing a record that is too small. | |||||
| CVE-2011-5243 | 1 Abraham Williams | 1 Twitteroauth | 2026-04-29 | 5.8 MEDIUM | N/A |
| TwitterOAuth does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2011-0596 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2026-04-29 | 9.3 HIGH | N/A |
| The Bitmap parsing component in 2d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code via an image with crafted (1) height and (2) width values for an RLE_8 compressed bitmap, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2011-0598, CVE-2011-0599, and CVE-2011-0602. | |||||
| CVE-2012-0152 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2026-04-29 | 4.3 MEDIUM | N/A |
| The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability." | |||||
| CVE-2011-1824 | 1 Opera | 1 Opera Browser | 2026-04-29 | 4.3 MEDIUM | N/A |
| The VEGAOpBitmap::AddLine function in Opera before 10.61 does not properly initialize memory during processing of the SIZE attribute of a SELECT element, which allows remote attackers to trigger an invalid memory write operation, and consequently cause a denial of service (application crash) or possibly execute arbitrary code, via a large integer attribute value. | |||||
| CVE-2011-2382 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-29 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue. | |||||
| CVE-2012-3572 | 2 Nurul Hidayah Hamazulan, Oscc | 2 Mymesyuarat, Mymeeting | 2026-04-29 | 6.0 MEDIUM | N/A |
| Open Source Competency Center (OSCC) MyMeeting 3.0.1 and earlier, and MyMesyuarat 09b-1, does not properly verify uploaded documents, which allows remote authenticated users to execute arbitrary PHP code via a crafted document. | |||||
| CVE-2011-3387 | 1 Ibm | 1 Java | 2026-04-29 | 4.0 MEDIUM | N/A |
| The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute length field in a class file, related to validation of a length field at the wrong time, a different vulnerability than CVE-2011-0311. | |||||
| CVE-2013-1336 | 1 Microsoft | 1 .net Framework | 2026-04-29 | 5.0 MEDIUM | N/A |
| The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability." | |||||
| CVE-2012-0954 | 1 Debian | 1 Advanced Package Tool | 2026-04-29 | 2.6 LOW | N/A |
| APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587. | |||||
| CVE-2013-2818 | 1 Alstom | 1 E-terracontrol | 2026-04-29 | 4.7 MEDIUM | N/A |
| The DNP Master Driver in Alstom e-terracontrol 3.5, 3.6, and 3.7 allows physically proximate attackers to cause a denial of service (infinite loop and DNP3 service disruption) via crafted input over a serial line. | |||||
| CVE-2010-0045 | 2 Apple, Microsoft | 2 Safari, Windows | 2026-04-29 | 9.3 HIGH | N/A |
| Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document. | |||||
| CVE-2013-5593 | 1 Mozilla | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2026-04-29 | 4.3 MEDIUM | N/A |
| The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct clickjacking attacks via vectors that trigger navigation off of a page containing this element. | |||||
| CVE-2010-4819 | 1 X | 1 X.org-xserver | 2026-04-29 | 3.6 LOW | N/A |
| The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw." | |||||
| CVE-2009-0905 | 1 Ibm | 1 Websphere Mq | 2026-04-29 | 1.7 LOW | N/A |
| IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring. | |||||
| CVE-2011-4302 | 1 Moodle | 1 Moodle | 2026-04-29 | 6.8 MEDIUM | N/A |
| mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the openssl_verify function, which allows remote attackers to bypass validation via a crafted certificate. | |||||
| CVE-2011-0160 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2026-04-29 | 5.0 MEDIUM | N/A |
| WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. | |||||
